m1k1o / neko

A self hosted virtual browser that runs in docker and uses WebRTC.
https://neko.m1k1o.net/
Apache License 2.0

Question about NEKO_PASSWORD* and diff between admin and user #288

Closed innerop closed 1 year ago

innerop commented 1 year ago

Hi,

I searched this repo for all occurrences of NEKO_PASSWORD to see how the access control mechanism is implemented. I could only find references in the Dockerfile for base, docker-compose.yaml and some docs. Where in the code does it test if the entered value == NEKO_PASSWORD? Is it in the frontend code? I can't seem to be able to find the place in the code where the test is performed, and where in the code it recognizes that the user is admin or regular.

A related question: what is the difference between admin and user? I can't tell. I get the same features it seems. Is the difference documented?

innerop commented 1 year ago

I found some privileged functionality protected by the pwd

Like https://github.com/m1k1o/neko/blob/master/server/internal/http/http.go#L86

But I'm not able to find where the password is checked to allow or not allow login... Will keep looking.

m1k1o commented 1 year ago

We use viper that loads configuration from multiple sources, also from env. You can read about it more e.g. here: https://dev.to/techschoolguru/load-config-from-file-environment-variables-in-golang-with-viper-2j2d

The difference between admin and user is that admin can:

Screen size: image

Locks: image

Context menu for user (right click on avatar): image

Broadcast (in settings): image

Yes, current documentation could be better. There are many things as comments in issues, it would be nice to go through it all and put it on a page.

P.S.: It's checked here: https://github.com/m1k1o/neko/blob/b2080649ea50d942c3e9887813d867edbfc21052/server/internal/websocket/websocket.go#L365-L384
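
An added example, not neko's own code and not part of the comments in this thread: one way a server can map a shared password configured through `NEKO_PASSWORD` / `NEKO_PASSWORD_ADMIN` to a user or admin role at login. The `Role` and `Config` types, the function names, the standard-library env lookup used in place of viper, and the startup validation are assumptions of this example.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"os"
)

// Hypothetical names throughout; only the env var names are neko's.
type Role int
const (
	RoleNone Role = iota // login rejected
	RoleUser
	RoleAdmin
)
type Config struct{ User, Admin string }

// LoadConfig stands in for viper; refusing unset or equal values is added hardening.
func LoadConfig(lookup func(string) (string, bool)) (Config, error) {
	user, _ := lookup("NEKO_PASSWORD")
	admin, _ := lookup("NEKO_PASSWORD_ADMIN")
	if user == "" || admin == "" || user == admin {
		return Config{}, errors.New("both passwords must be set and must differ")
	}
	return Config{User: user, Admin: admin}, nil
}

// eq compares in constant time (length can still leak); an unset password never matches.
func eq(configured, supplied string) bool {
	return configured != "" && subtle.ConstantTimeCompare([]byte(configured), []byte(supplied)) == 1
}

// Authenticate maps the supplied password to a role; both comparisons always run.
func (c Config) Authenticate(supplied string) Role {
	admin, user := eq(c.Admin, supplied), eq(c.User, supplied)
	switch {
	case admin:
		return RoleAdmin
	case user:
		return RoleUser
	}
	return RoleNone
}

func main() {
	cfg, err := LoadConfig(os.LookupEnv)
	fmt.Println("config error:", err, "role:", cfg.Authenticate("constructed-guess"))
}
```

The role has to be decided on the server like this and attached to the session; privileged actions are then authorized against that stored role, not against anything the client reports.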

innerop commented 1 year ago

Yes on the need to update the docs, just not very good at docs myself, but I'll try and see if I have any time, when I free up. Thank you so much for all this info. At least it's here now in the issues.